Speak to an expert

Thank You

Your form has been submitted successfully.
Oops! Something went wrong while submitting the form.

TIBER-EU Framework

Threat Intelligence-based Ethical Red Teaming

SecAlliance is one of the leading providers of TIBER-EU threat intelligence assessments. We have extensive experience delivering TIBER-EU engagements, providing a comprehensive analysis of an organisation’s threat landscape and digital footprint.

We have delivered TIBER-EU engagements since the programme’s inception, including pilot projects and framework development support; no one is better placed to deliver a TIBER-EU Threat Intelligence Assessment.

Our unique, structured approach to performing this service provides clients with a clear picture of the most likely and dangerous threats they face.

European Bank

What is the Tiber-EU framework?

The TIBER-EU framework is a pioneering process using intelligence-led resilience assessments that is driven by the European Central Bank (ECB). The TIBER-EU framework is adapted and administered at national level by their associated Central Banks or Authorities (for example, TIBER-NL, TIBER-BE, TIBER-DE, TIBER-DK etc).

It applies to systemically critical organisations in the European Union's financial services sector. The core principle is that Firms are tested against realistic threat scenarios that are generated by qualified Threat Intelligence providers. Ultimately, this means that testers engage in scenarios mimicking the most credible attackers, using relevant and up-to-date tactics, techniques, and procedures (TTPs).

The Threat Intelligence Product

In line with TIBER-EU requirements, SecAlliance provide two CTI reports; the Threat Intelligence Assessment and the Targeting Assessment:

Threat Intelligence Assessment

We perform detailed analysis of a client’s threat landscape. It is an external assessment leveraging structured analytical techniques to identify the most relevant threat actors based on the organisation and its critical business functions. This leads to the creation of realistic threat scenarios, which are simulated by a TIBER red team during the testing phase. Scenarios are underpinned by threat level scoring, relevant use cases, and threat actor profiling. Scenarios also fuse in relevant findings from the Targeting Assessment and include all associated MITRE ATT&CK® tactics, techniques, and sub-techniques.

Targeting Assessment

We perform an in-depth review of an organisation’s attack surface from the perspective of a threat actor. The purpose is to perform attacker-like reconnaissance against the organisation, its assets and its people and to explain how this information, gathered through technical and manual collection techniques, can be leveraged by the threat actor to mount an attack. These findings along with the TTPs of the threat actor feed into the final attack scenarios which are then used by the TIBER red teams to mimic a real world attack.

During the engagement we ensure that:

  • Our delivery fully aligns with the requirements of the TIBER-EU framework.
  • Our reports are of consistently high quality and depth. The intelligence on threat actors and their TTPs is taken from our Threat Intelligence Platform (TIP), ThreatMatch, which is constantly enriched with the latest information and analysed by our fusion team.
  • We work closely with all stakeholders in the TIBER programme including the central authority and the TIBER red team provider.
  • Every client’s needs are fully met, and you receive as much value as possible. This means fully understanding your requirements and business functions so that our analysis and recommendations are as comprehensive and relevant as possible.
  • Support is provided to all parties and workstreams to their fullest until the official end of the engagement. This includes support to the TIBER Red Team, Purple Team, 360 and wash-up sessions.

Our position in the TIBER-EU community

  • We have been one of the earliest proponents of, and participants in, the TIBER-EU programme. We understand its value to customers and its role in bolstering the operational resilience of the wider sector.
  • We have also been actively involved in the creation of sector-wide Generic Threat Landscape (GTL) reports that establish the intelligence baseline for TIBER engagements in multiple European countries.
  • We continue to be involved in this process, offering our knowledge and expertise to regulatory bodies and TIBER-EU participants.
  • Our ThreatMatch portal is set up as a hub for TIBER-EU engagements. It has the ability to publish profiles, reports, findings, and scenarios, which can then be ingested by your own security systems.
  • Based on this position within the framework, we are confident that there is no other CTI provider better placed to conduct TIBER engagements.
Speak to a tiber expert
“I was impressed by the quality and completeness of the Threat Intelligence report. Security Alliance has a very strong understanding of the TIBER framework and processes."
White Team Lead, European financial institute

Why SecAlliance for TIBER?

We are a pure cyber threat intelligence company and specialise in threat assessments within the TIBER framework and equivalent schemes such as CREST STAR and CBEST.


Our delivery fully aligns with the requirements of the TIBER framework


Our reports are of consistently high quality and depth, constantly enriched by our fusion team


We work with all stakeholders in the TIBER programme including Central Banks, regulators and TIBER red teams

Speak to a TIBER expert

Share this content

Want to take this information offline? Download our TIBER-EU Service PDF

Download now

More Consultancy Services

Latest Blogs

View all posts